
Commit d259376

author
Jan Lindström
committed
MDEV-8041: InnoDB redo log encryption
Merged new version of InnoDB/XtraDB redo log encryption from Google provided by Jonas Oreland.
1 parent ab54f5a commit d259376


14 files changed

+828
-692
lines changed


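--- a/storage/innobase/include/log0crypt.h
+++ b/storage/innobase/include/log0crypt.h
@@ -9,69 +9,21 @@ Created 11/25/2013 Minli Zhu
 
 #include "univ.i"
 #include "ut0byte.h"
-#include "ut0lst.h"
-#include "ut0rnd.h"
 #include "my_crypt.h"
 
-#define PURPOSE_BYTE_LEN MY_AES_BLOCK_SIZE - 1
-#define PURPOSE_BYTE_OFFSET 0
-#define UNENCRYPTED_KEY_VER ENCRYPTION_KEY_NOT_ENCRYPTED
-
 typedef int Crypt_result;
 
 /* If true, enable redo log encryption. */
 extern my_bool srv_encrypt_log;
-/* Plain text used by AES_ECB to generate redo log crypt key. */
-extern byte redo_log_crypt_msg[MY_AES_BLOCK_SIZE];
-/* IV to concatenate with counter used by AES_CTR for redo log crypto. */
-extern byte aes_ctr_nonce[MY_AES_BLOCK_SIZE];
-
-/*********************************************************************//**
-Generate a 128-bit random message used to generate redo log crypto key.
-Init AES-CTR iv/nonce with random number.
-It is called only when clean startup (i.e., redo logs do not exist). */
-UNIV_INTERN
-void
-log_init_crypt_msg_and_nonce(void);
-/*===============================*/
-/*********************************************************************//**
-Init log_sys redo log crypto key. */
-UNIV_INTERN
-void
-log_init_crypt_key(
-/*===============*/
-const byte* crypt_msg, /*< in: crypt msg */
-const uint crypt_ver, /*< in: mysqld key version */
-byte* crypt_key); /*< out: crypt struct with key and iv */
-/*********************************************************************//**
-Encrypt log blocks. */
-UNIV_INTERN
-Crypt_result
-log_blocks_encrypt(
-/*===============*/
-const byte* blocks, /*!< in: blocks before encryption */
-const ulint size, /*!< in: size of blocks, must be multiple of a log block */
-byte* dst_blocks); /*!< out: blocks after encryption */
 
-/*********************************************************************//**
-Decrypt log blocks. */
-UNIV_INTERN
-Crypt_result
-log_blocks_decrypt(
-/*===============*/
-const byte* blocks, /*!< in: blocks before decryption */
-const ulint size, /*!< in: size of blocks, must be multiple of a log block */
-byte* dst_blocks); /*!< out: blocks after decryption */
-
-/*********************************************************************//**
-Set next checkpoint's key version to latest one, and generate current
-key. Key version 0 means no encryption. */
+/***********************************************************************
+Set next checkpoint's key version to latest one, and generate new key */
 UNIV_INTERN
 void
 log_crypt_set_ver_and_key(
 /*======================*/
-uint& key_ver, /*!< out: latest key version */
-byte* crypt_key); /*!< out: crypto key */
+ib_uint64_t next_checkpoint_no);
+
 
 /*********************************************************************//**
 Writes the crypto (version, msg and iv) info, which has been used for
@@ -83,4 +35,34 @@ log_crypt_write_checkpoint_buf(
 /*===========================*/
 byte* buf); /*!< in/out: checkpoint buffer */
 
+/*********************************************************************//**
+Read the crypto (version, msg and iv) info, which has been used for
+log blocks with lsn <= this checkpoint's lsn, from a log header's
+checkpoint buf. */
+UNIV_INTERN
+void
+log_crypt_read_checkpoint_buf(
+/*===========================*/
+const byte* buf); /*!< in: checkpoint buffer */
+
+/********************************************************
+Encrypt one or more log block before it is flushed to disk */
+UNIV_INTERN
+void
+log_encrypt_before_write(
+/*===========================*/
+ib_uint64_t next_checkpoint_no, /*!< in: log group to be flushed */
+byte* block, /*!< in/out: pointer to a log block */
+const ulint size); /*!< in: size of log blocks */
+
+/********************************************************
+Decrypt a specified log segment after they are read from a log file to a buffer.
+*/
+UNIV_INTERN
+void
+log_decrypt_after_read(
+/*==========================*/
+byte* frame, /*!< in/out: log segment */
+const ulint size); /*!< in: log segment size */
+
 #endif // log0crypt.h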
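Review bot: The new `log_encrypt_before_write`, `log_decrypt_after_read` and `log_crypt_read_checkpoint_buf` are all declared `void`, while the removed `log_blocks_encrypt`/`log_blocks_decrypt` returned `Crypt_result`, so the interface no longer lets a caller tell whether a block was actually encrypted before it is flushed, or whether the crypto info parsed from an on-disk checkpoint buffer was usable. The implementations are outside this section and may well abort internally on failure; if they do not, keep the status in the signature (e.g. `Crypt_result log_encrypt_before_write(...)`), or state in each header comment that a cipher or parse failure is fatal so nobody assumes a silent fallback to plaintext is acceptable. Separately, the parameter comment on `next_checkpoint_no` in `log_encrypt_before_write` reads `in: log group to be flushed`, which does not match the parameter's name or type, and `log_crypt_set_ver_and_key` has no parameter comment at all; both should say what the checkpoint number selects. `typedef int Crypt_result;` is kept, but none of the declarations visible here still use it.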

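--- a/storage/innobase/include/log0log.h
+++ b/storage/innobase/include/log0log.h
@@ -677,19 +677,15 @@ extern log_t* log_sys;
 #endif
 #define LOG_CHECKPOINT_OFFSET_HIGH32 (16 + LOG_CHECKPOINT_ARRAY_END)
 #define LOG_CRYPT_VER (20 + LOG_CHECKPOINT_ARRAY_END)
-/*!< 32-bit key version. Corresponding
-key has been used for log records with
-lsn <= the checkpoint' lsn */
-#define LOG_CRYPT_MSG (24 + LOG_CHECKPOINT_ARRAY_END)
-/*!< a 128-bit value used to
-derive cryto key for redo log.
-It is generated via the concatenation
-of 1 purpose byte T (0x02) and a
-15-byte random number.*/
-#define LOG_CRYPT_IV (40 + LOG_CHECKPOINT_ARRAY_END)
-/*!< a 128-bit random number used as
-AES-CTR iv/nonce for redo log */
-#define LOG_CHECKPOINT_SIZE (56 + LOG_CHECKPOINT_ARRAY_END)
+
+#define LOG_CRYPT_MAX_ENTRIES (5)
+#define LOG_CRYPT_ENTRY_SIZE (4 + 4 + 2 * MY_AES_BLOCK_SIZE)
+#define LOG_CRYPT_SIZE (1 + 1 + \
+(LOG_CRYPT_MAX_ENTRIES * \
+LOG_CRYPT_ENTRY_SIZE))
+
+#define LOG_CHECKPOINT_SIZE (20 + LOG_CHECKPOINT_ARRAY_END + \
+LOG_CRYPT_SIZE)
 
 /* Offsets of a log file header */
 #define LOG_GROUP_ID 0 /* log group number */
@@ -794,10 +790,6 @@ struct log_t{
 lsn_t lsn; /*!< log sequence number */
 ulint buf_free; /*!< first free offset within the log
 buffer */
-uint redo_log_crypt_ver;
-/*!< 32-bit crypto ver */
-byte redo_log_crypt_key[MY_AES_BLOCK_SIZE];
-/*!< crypto key to encrypt redo log */
 #ifndef UNIV_HOTBACKUP
 ib_mutex_t mutex; /*!< mutex protecting the log */
 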
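Review bot: The new on-disk checkpoint crypto layout in the first hunk is undocumented: `LOG_CRYPT_SIZE` reserves `1 + 1` leading bytes and `LOG_CRYPT_ENTRY_SIZE` is `4 + 4 + 2 * MY_AES_BLOCK_SIZE`, yet the comments describing the old `LOG_CRYPT_VER`/`LOG_CRYPT_MSG`/`LOG_CRYPT_IV` fields were removed and nothing replaces them. A comment above `LOG_CRYPT_MAX_ENTRIES` should name each field and its width, and say what `LOG_CRYPT_VER` now denotes, since it stays at `20 + LOG_CHECKPOINT_ARRAY_END`, where the crypt area appears to begin. Because this area is parsed back from the log file during recovery, the reader (not shown in this section) should reject any stored entry count above `LOG_CRYPT_MAX_ENTRIES`, assuming one of the leading bytes is such a count, before it copies entries. The checkpoint also grows from `56` to `20 + LOG_CRYPT_SIZE` bytes past `LOG_CHECKPOINT_ARRAY_END`, so a compile-time guard such as `compile_time_assert(LOG_CHECKPOINT_SIZE <= OS_FILE_LOG_BLOCK_SIZE);` would pin that it still fits the block it is written to.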

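--- a/storage/innobase/include/log0recv.h
+++ b/storage/innobase/include/log0recv.h
@@ -434,11 +434,6 @@ struct recv_sys_t{
 scan find a corrupt log block, or a corrupt
 log record, or there is a log parsing
 buffer overflow */
-uint recv_log_crypt_ver;
-/*!< mysqld key version to generate redo
-log crypt key for recovery */
-byte recv_log_crypt_key[MY_AES_BLOCK_SIZE];
-/*!< crypto key to decrypt redo log for recovery */
 #ifdef UNIV_LOG_ARCHIVE
 log_group_t* archive_group;
 /*!< in archive recovery: the log group whose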
